CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\Users\Andrzej\Downloads\ns9k249b.exe
VirusTotal: C:\Users\Andrzej\Downloads\osivz1d8.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1782749671-2350986616-904643304-1001\...\MountPoints2: {11299a12-7666-11e4-8286-b010411200a8} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1782749671-2350986616-904643304-1001\...\MountPoints2: {1a4fbc24-13f2-11e5-829c-b010411200a8} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1782749671-2350986616-904643304-1001\...\MountPoints2: {4bf2868e-39fd-11e6-82d2-b010411200a8} - "E:\AutoRun.exe"
HKU\S-1-5-21-1782749671-2350986616-904643304-1001\...\MountPoints2: {4bf28726-39fd-11e6-82d2-b010411200a8} - "E:\AutoRun.exe"
HKU\S-1-5-21-1782749671-2350986616-904643304-1001\...\MountPoints2: {625d73d3-6e4a-11e4-8285-b010411200a8} - "E:\autorun.exe"
HKU\S-1-5-21-1782749671-2350986616-904643304-1001\...\MountPoints2: {88f8eba6-e1e8-11e7-82ec-b010411200a8} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1782749671-2350986616-904643304-1001\...\MountPoints2: {8a6f697a-080b-11e5-8299-b010411200a8} - "E:\Installer.EXE"
HKU\S-1-5-21-1782749671-2350986616-904643304-1001\...\MountPoints2: {8a6f699c-080b-11e5-8299-b010411200a8} - "F:\RunGame.exe"
HKU\S-1-5-21-1782749671-2350986616-904643304-1001\...\MountPoints2: {aae764fb-78b6-11e4-8286-b010411200a8} - "H:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1782749671-2350986616-904643304-1001\...\MountPoints2: {db92dde6-d764-11e4-8293-b010411200a8} - "E:\HTC_Sync_Manager_PC.exe"
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433269838&z=c6cd3b30bdf233c9cdbae9eg0z1c2cao1qctabdc2q&from=cornl&uid=ST1000LM024XHN-M101MBB_S314J90F728598728598&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433269838&z=c6cd3b30bdf233c9cdbae9eg0z1c2cao1qctabdc2q&from=cornl&uid=ST1000LM024XHN-M101MBB_S314J90F728598728598&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1782749671-2350986616-904643304-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1782749671-2350986616-904643304-1001 -> {1C64B5A1-8076-4A83-9E27-3C7F32A6B733} URL =
SearchScopes: HKU\S-1-5-21-1782749671-2350986616-904643304-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1782749671-2350986616-904643304-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1433127608&z=b2275098fa762f6a7ff4a41gazacacag1o4maq4edm&from=wpm06013&uid=ST1000LM024XHN-M101MBB_S314J90F728598728598
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\uwr5j9rp.default\extensions\quick_searchff@gmail.com => nie znaleziono
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 GENERICDRV; \??\C:\Users\Andrzej\Downloads\amifldrv64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; \SystemRoot\system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
Task: {27D5F34B-A027-485A-BE99-266402E3501B} - System32\Tasks\{4A7C959D-B99C-4CB7-BBB3-7F89849E091B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Origin\OriginUninstall.exe"
Task: {3489B219-2F0C-4AE0-ADA4-A8AEC4E9E845} - System32\Tasks\{D94DFEFB-9517-4DA0-BEAE-00E0BC18E1E5} => C:\WINDOWS\system32\pcalua.exe -a E:\Autorun.exe -d E:\
Task: {A1D5071C-3D3A-480C-B95A-F1F6AEE0BBE7} - System32\Tasks\{EEC4221F-A53E-4D2E-877D-AF82151F7FE2} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Andrzej\Downloads\LCVM_PCDRV_US_1_03_02.exe -d C:\Users\Andrzej\Downloads
Task: {A1F42B53-AE2E-4138-B2F5-8A86DCCB4B2C} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe
ShortcutWithArgument: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=1433127608&z=b2275098fa762f6a7ff4a41gazacacag1o4maq4edm&from=wpm06013&uid=ST1000LM024XHN-M101MBB_S314J90F728598728598
ShortcutWithArgument: C:\Users\Andrzej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=1433127608&z=b2275098fa762f6a7ff4a41gazacacag1o4maq4edm&from=wpm06013&uid=ST1000LM024XHN-M101MBB_S314J90F728598728598
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Diablo II - Lord of Destruction.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Lord of Destruction Czytaj to.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Lord of Destruction Read Me.lnk
C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rome2.lnk
C:\Users\Andrzej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk